Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jpmens/phreefingerprint
Create DNS TXT RR from PEM certificate for @dakami's Phreeload
https://github.com/jpmens/phreefingerprint
Last synced: 1 day ago
JSON representation
Create DNS TXT RR from PEM certificate for @dakami's Phreeload
- Host: GitHub
- URL: https://github.com/jpmens/phreefingerprint
- Owner: jpmens
- Created: 2010-11-19T19:59:21.000Z (almost 14 years ago)
- Default Branch: master
- Last Pushed: 2011-06-20T12:47:45.000Z (over 13 years ago)
- Last Synced: 2024-10-15T00:26:19.745Z (22 days ago)
- Language: C
- Homepage:
- Size: 89.8 KB
- Stars: 0
- Watchers: 3
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# phreefingerprint
Create DNS TXT RR from PEM certificate for @dakami's Phreeload or for Extended DNSSEC Validator. (See [my posting](http://jpmens.net/2011/02/16/ssl-certificate-validation-and-dnssec/) for what the latter does.)
## Usage
phreefingerprint [-t] domain certfile
certfile is a certificate in PEM format. E.g. to get your cert go to your SSL site:
openssl s_client -connect amazon.de:443
copy and paste the cert from that output into `my.crt`. Then run
./phreefingerprint mydomain my.crt
mydomain IN TXT "v=key1 ha=sha1 h=561b9b3cc34cc2e6fa38a554be1f919ce4c8ce7a"
Most of this code is swiped from other SSL clients
I've added support for the (hopefully upcoming) TLSA as described in [dane](http://datatracker.ietf.org/wg/dane/). Use option '-t' to get that:
./phreefingerprint -t mydomain my.crt
mydomain IN TYPE65534 \# 22 ( 0101561b9b3cc34cc2e6fa38a554be1f919ce4c8ce7a )
There's an #ifdef in the code to enable TLSA RRtype.